Introduction

You want to send Common Event Format (CEF) log data to the Microsoft Sentinel workspace using the provided data connector.

You're a Security Operations Analyst working at a company that implemented Microsoft Sentinel. You need to collect log data from on-premises network appliances. You can use the Common Event Format connector as the network appliances' data is provided in a structured format.

You install an on-premises Linux host that acts as a forwarder for the log data. Next, you follow the instructions on the Common Event Format connector page to run the deployment script on that Linux host. The final step is to configure the network appliances to forward their logs to the Linux host. The network appliances then send their logs to the new Linux host, and the Linux host forwards them to the Microsoft Sentinel workspace.
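Before the forwarder ships anything, an analyst usually wants to confirm that what the appliances emit really is well-formed CEF, since malformed header fields or unescaped `=` characters in extension values end up as unparsed text in the workspace. The following is an added example, not code from this module or from Microsoft: a small Python parser built from the public CEF grammar (seven `|`-separated header fields, then space-separated `key=value` extensions with backslash escapes), run over constructed sample lines. The vendor, product and host names in the samples are made up.

```python
r"""Parse Common Event Format (CEF) lines as emitted by network appliances.

CEF grammar (public CEF specification):
  [syslog prefix] CEF:Version|Device Vendor|Device Product|Device Version
                  |Device Event Class ID|Name|Severity|Extension
Header fields escape '|' and '\' with a backslash; extension values escape
'=' and '\', and encode line breaks as \n and \r.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Extension pairs are separated by a single space. A value runs lazily until
# the next " key=" boundary or end of line; escape sequences are consumed as
# units, so an escaped "\=" inside a value never starts a new pair.
_EXT_PAIR = re.compile(r"([^\s=\\]+)=((?:\\.|[^\\])*?)(?=\s[^\s=\\]+=|$)")
_ESCAPE = re.compile(r"\\(.)")
_ESCAPE_MAP = {"n": "\n", "r": "\r"}

# Constructed sample input: two CEF lines (one with a syslog prefix, one with
# escaped characters) and one non-CEF line that should be skipped.
SAMPLE_LINES = [
    "<134>Jun 12 10:01:02 fw01 CEF:0|ExampleVendor|ExampleFW|1.2.3|100"
    "|Connection denied|5|src=10.0.0.5 dst=10.0.1.20 spt=51514 dpt=443"
    " proto=TCP act=deny",
    "CEF:0|Example\\|Vendor|Proxy|2.0|200|URL blocked|8|src=10.0.0.7"
    " request=http://example.invalid/?q\\=1 msg=Category\\=gambling",
    "Jun 12 10:01:05 host01 sshd[1234]: not a CEF line",
]


@dataclass
class CefEvent:
    version: str
    device_vendor: str
    device_product: str
    device_version: str
    signature_id: str
    name: str
    severity: str
    extensions: Dict[str, str]


def _unescape(text: str) -> str:
    """Resolve backslash escapes; an unknown escape yields the literal char."""
    return _ESCAPE.sub(lambda m: _ESCAPE_MAP.get(m.group(1), m.group(1)), text)


def _split_header(text: str) -> Tuple[List[str], str]:
    r"""Split off the 7 header fields, honouring the '\|' and '\\' escapes."""
    fields, current, escaped, i = [], [], False, 0
    while i < len(text) and len(fields) < 7:
        ch = text[i]
        if escaped:
            current.append(ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == "|":
            fields.append("".join(current))
            current = []
        else:
            current.append(ch)
        i += 1
    if len(fields) < 7:
        raise ValueError("CEF header must contain 7 pipe-delimited fields")
    return fields, text[i:]  # remainder is the raw, still-escaped extension


def parse_cef(line: str) -> Optional[CefEvent]:
    """Parse one line; return None when it carries no CEF payload."""
    start = line.find("CEF:")
    if start < 0:
        return None
    header, extension = _split_header(line[start + len("CEF:"):])
    pairs = {key: _unescape(val) for key, val in _EXT_PAIR.findall(extension)}
    return CefEvent(*header, extensions=pairs)


def is_high_severity(event: CefEvent) -> bool:
    """CEF severity is 0-10 or Low/Medium/High/Very-High; 7+ counts as high."""
    sev = event.severity.strip()
    if sev.isdigit():
        return int(sev) >= 7
    return sev.lower() in ("high", "very-high")


def summarize(lines: List[str]) -> Tuple[Dict[str, int], List[CefEvent]]:
    """Count parsed events, skipped non-CEF lines and high-severity events."""
    stats = {"parsed": 0, "skipped": 0, "high_severity": 0}
    events: List[CefEvent] = []
    for line in lines:
        event = parse_cef(line)
        if event is None:
            stats["skipped"] += 1
            continue
        stats["parsed"] += 1
        if is_high_severity(event):
            stats["high_severity"] += 1
        events.append(event)
    return stats, events


if __name__ == "__main__":
    totals, parsed = summarize(SAMPLE_LINES)
    for ev in parsed:
        print(ev.device_vendor, ev.name, ev.severity, ev.extensions)
    print(totals)
```

Pointing `summarize` at a file captured on the forwarder (for example a few minutes of the appliance feed) shows at once how many lines the connector can be expected to parse, which lines are not CEF at all, and whether the severity field is populated the way the vendor documents it.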

By the end of this module, you'll be able to send Common Event Format (CEF) log data to the Microsoft Sentinel workspace using the provided data connector.

After completing this module, you'll be able to:

  • Explain the Common Event Format connector deployment options in Microsoft Sentinel
  • Run the deployment script for the CEF connector

Prerequisites

Basic knowledge of operational concepts such as monitoring, logging, and alerting